Compromised passwords have been the biggest digital security vulnerability since the dawn of computing. Now, Apple wants to do away with the concept altogether.
Although the concept of Passkeys has been known to the public since WWDC 2022, how Apple will implement the new standard has remained vague until this week. In an exclusive interview given to Tom’s Guide’s Mark Spoonauer, Apple VP Darin Adler and senior director Kurt Night said that iOS 16 allows users to ditch passwords entirely in favor of using Face ID or Touch ID as their login credentials.
Passkeys employ public key cryptography, a technology that generates a secret key stored locally on your iPhone. When you log into a website or other password-protected service, Safari uses your biometric data (Face ID or Touch ID) to verify that it’s you, then enters the locally-stored private key automatically. And Apple’s iCloud Keychain makes it possible to log in on whatever Apple device your iCloud account is connected to.
If you need to log into a service like Netflix or a financial institution from a non-Apple device, you can have a QR code generated that you can scan with your iPhone. Apple then verifies that you’re in the vicinity of whatever device you’re trying to use and automatically log you in. And if you happen to not have your iPhone with you (or it gets lost or stolen), you can recover your past keys through your iCloud account.
This technology is Apple’s implementation of the FIDO Alliance, a joint venture between Apple, Google, and Microsoft to eliminate passwords. While the latter two companies have previewed Passkey technology, Apple is the first to implement it across its most popular platforms. You can expect Passkeys to roll out before the end of the year in iOS 16 and macOS Ventura.